Backdoor that threatens power stations to be purged from control system

A secret backdoor account is being removed from routers used by power utilities.

This RSG2100 device contains a backdoor that hackers could use to gain unauthorized access to computer systems that control electric substations and other critical infrastructure.

Image courtesy of RuggedCom

Mission-critical routers used to control electric substations and other critical infrastructure are being updated to remove a previously undocumented backdoor that could allow vandals to hijack the devices, manufacturer RuggedCom said late Friday.

The announcement by the Ontario, Canada-based company comes two days after Ars reported that the company's entire line of devices running its Rugged Operating System contained a backdoor with an easily determined password. The backdoor, which can't be disabled, had not been publicly acknowledged by the company until now, leaving the power utilities, military facilities, and municipal traffic departments using the industrial-strength gear vulnerable to sabotage that could affect the safety of huge populations of people.

The previously secret account uses the login ID of "factory" and a password that's recovered by plugging the MAC, or media access control, address of the targeted device into a simple Perl script. The backdoor on devices running early versions of Rugged OS could be accessed over the Internet using secure Web browser connections, secure shell, telnet, remote shell, or serial console. On versions 3.3 and higher of the OS only telnet, remote shell, and serial console could be used. Raising the risk of unauthorized access, many login screens display the device's MAC address before a user enters valid credentials. Telnet and rsh can be disabled in all versions greater than 3.3.

"In addition to eliminating the factory backdoor, telnet and rsh services will be disabled by default," the company's statement read. "This change will result in newly shipped ROS devices having telnet and rsh disabled. It also results in telnet and rsh being disabled after loading factory default settings. This change has no impact on the operational status of telnet or rsh after a firmware upgrade."

RuggedCom devices are frequently installed in electric substations, traffic control cabinets, and other locations where dust, extreme heat and cold, and other difficult environmental conditions take a toll on hardware. In addition to being housed in areas that are difficult to physically access, the devices are frequently used to control mission-critical equipment, creating a hardship for those who must update.

"If users are running non-redundant networks, this is probably going to require taking their process offline," K. Reid Wightman, an industrial control systems security expert for Digital Bond, wrote in an email. "So it's not the sort of thing that most users can patch right away—they're going to have to patch it during their normal manufacturing patching cycle, which might be a year. That's why it's so important for vendors to get their development process right and not make these kinds of amateur mistakes."

Compounding the difficulty of updating, the changes will be made to Rugged OS versions 3.7 and higher, a limitation that will require users of older systems to upgrade to newer versions. The updates will be available through RuggedCom's customer support channel. The company said it will issue another bulletin with additional details in a few weeks.
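The exposure paths, the default-service change and the version limits described above translate directly into an audit and detection checklist for anyone operating these devices. The following is an added example, not code from the article or from RuggedCom: it scores an inventory of ROS devices against the facts the article states (which services could reach the "factory" account before and after ROS 3.3, that telnet and rsh can only be switched off on versions above 3.3, that a firmware upgrade alone does not switch them off, and that the fix is available only for 3.7 and higher) and scans authentication events for use of the "factory" account. The inventory fields, the device names, the `backdoor_removed` flag and the syslog-style line format are constructed assumptions; real ROS logs and inventory exports will look different and the regular expression would need adjusting.

```python
import re
from dataclasses import dataclass

# Values taken from the article: the hidden account name, the ROS version
# line in which the vendor removes it, and the version above which telnet
# and rsh can be switched off by the operator.
BACKDOOR_ACCOUNT = "factory"
FIX_AVAILABLE_FROM = (3, 7)
TELNET_RSH_DISABLEABLE_ABOVE = (3, 3)
# Services through which the account was reachable, per the article.
PATHS_EARLY_ROS = {"https", "ssh", "telnet", "rsh", "serial"}   # before ROS 3.3
PATHS_ROS_33_PLUS = {"telnet", "rsh", "serial"}                  # ROS 3.3 and later


def parse_version(text):
    """Turn a dotted version string such as '3.7.2' into a comparable (major, minor) tuple."""
    return tuple(int(p) for p in text.split(".")[:2])


@dataclass
class Device:
    name: str                        # constructed inventory name
    version: str                     # ROS version string as reported by the device
    enabled: set                     # management services currently enabled
    backdoor_removed: bool = False   # vendor update from the support channel applied (assumed field)


def audit(dev):
    """Return a list of finding strings for one device; an empty list means nothing to do."""
    v = parse_version(dev.version)
    findings = []
    if not dev.backdoor_removed:
        paths = PATHS_EARLY_ROS if v < (3, 3) else PATHS_ROS_33_PLUS
        reachable = sorted(paths & dev.enabled)
        if reachable:
            findings.append(f"factory account reachable via: {', '.join(reachable)}")
        if v < FIX_AVAILABLE_FROM:
            findings.append(f"ROS {dev.version} is below 3.7; upgrade before the fix can be applied")
        else:
            findings.append("eligible for the vendor update that removes the factory account")
    legacy = sorted({"telnet", "rsh"} & dev.enabled)
    if legacy:
        if v > TELNET_RSH_DISABLEABLE_ABOVE:
            # The article notes a firmware upgrade leaves the running state of telnet/rsh unchanged.
            findings.append(f"disable {', '.join(legacy)} now (a firmware upgrade alone leaves them on)")
        else:
            findings.append(f"{', '.join(legacy)} cannot be disabled on this version")
    return findings


def audit_all(devices):
    """Map device name to its findings, skipping devices with none."""
    return {d.name: f for d in devices if (f := audit(d))}


# Constructed syslog-style authentication event format (an assumption, not ROS output).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: user=(?P<user>\S+) service=(?P<svc>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def factory_logins(lines):
    """Return (host, service, source, result) for every event that used the factory account."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("user") == BACKDOOR_ACCOUNT:
            hits.append((m.group("host"), m.group("svc"), m.group("src"), m.group("result")))
    return hits


# Constructed sample data for a stand-alone run.
SAMPLE_INVENTORY = [
    Device("sub-7-rtr", "3.2.1", {"https", "ssh", "telnet", "rsh", "serial"}),
    Device("sub-9-rtr", "3.7.0", {"https", "ssh", "telnet", "serial"}),
    Device("tc-cabinet-4", "3.8.0", {"https", "ssh", "serial"}, backdoor_removed=True),
]
SAMPLE_LOG = [
    "2012-04-27T21:03:11Z sub-7-rtr auth: user=operator service=ssh src=10.20.0.5 result=success",
    "2012-04-27T21:04:02Z sub-7-rtr auth: user=factory service=telnet src=198.51.100.23 result=success",
    "2012-04-27T21:05:40Z sub-9-rtr auth: user=factory service=rsh src=198.51.100.23 result=failure",
    "this line is deliberately unparsable",
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INVENTORY).items():
        print(name)
        for f in findings:
            print("  -", f)
    for hit in factory_logins(SAMPLE_LOG):
        print("factory account event:", hit)
```

The audit deliberately treats the serial console as a reachable path even though it needs physical access, because the article describes these devices as sitting in substations and traffic cabinets where physical exposure is part of the threat model; the log scan flags failed attempts as well as successes, since a failed "factory" login is itself a strong signal that someone is probing for the account.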

The company thanked independent security researcher Justin W. Clarke for reporting the vulnerability. Clarke said he discovered the backdoor after examining used RuggedCom hardware he bought on eBay.